commit 52a829d1803056da8222f30dcc002c39c86c6f54
Author: Matt Peters <email address hidden>
Date: Thu Feb 21 11:20:15 2019 -0500
Temporarily disable iptables restore during puppet
Docker and kubernetes add rules to iptables, which can end up
persisted in /etc/sysconfig/iptables by calls to iptables-save.
When the puppet manifest is applied during node initialization,
kubernetes is not yet running, and any related iptables rules
will fail.
This update disables the restoration of iptables rules from
previous boots, to ensure the puppet manifest does not fail
to apply due to invalid rules. However, this means that in
a DOR scenario (Dead Office Recovery, where both controllers
will be intializing at the same time), the firewall rules
will not get reapplied.
Firewall management will be moved to Calico under story 2005066,
at which point this code will be removed.
Change-Id: I43369dba34e6859088af3794de25a68571c7154c
Closes-Bug: 1815124
Signed-off-by: Don Penney <email address hidden>
commit cba2b66e9b27efc077b89fb5e661b8dffc890fd8
Author: Erich Cordoba <email address hidden>
Date: Thu Feb 21 11:21:28 2019 -0600
Move DNS requirement into kubernetes::master
This was causing a failure in computes unlock process where the
Platform::Dns class cannot be found.
Closes-bug: 1817126
Change-Id: I0a9e9b60580944a49b9672803fc05216f204b222
Signed-off-by: Erich Cordoba <email address hidden>
commit 4b35404d6a03c4bfe6ea12e176d8624710a10b2c
Author: Don Penney <email address hidden>
Date: Thu Feb 21 11:33:30 2019 -0500
Ignore error on k8s taint removal from puppet
There are cases where the kubernetes taint is not present on,
or has already been removed from, a newly configured standby
controller. This causes the taint removal command run by the
puppet manifest to fail. This failure can be safely ignored,
so the command is updated by this commit to always return
success.
Change-Id: Icdb55738e052c65a28e44582e345038b0de83c37
Closes-Bug: 1815795
Signed-off-by: Don Penney <email address hidden>
Reviewed: https:/ /review. openstack. org/638513 /git.openstack. org/cgit/ openstack/ stx-config/ commit/ ?id=160ec4eca9b 999c7dfc1c0a60d 40c41998d1e9ed
Committed: https:/
Submitter: Zuul
Branch: f/stein
commit 52a829d1803056d a8222f30dcc002c 39c86c6f54
Author: Matt Peters <email address hidden>
Date: Thu Feb 21 11:20:15 2019 -0500
Temporarily disable iptables restore during puppet
Docker and kubernetes add rules to iptables, which can end up iptables by calls to iptables-save.
persisted in /etc/sysconfig/
When the puppet manifest is applied during node initialization,
kubernetes is not yet running, and any related iptables rules
will fail.
This update disables the restoration of iptables rules from
previous boots, to ensure the puppet manifest does not fail
to apply due to invalid rules. However, this means that in
a DOR scenario (Dead Office Recovery, where both controllers
will be intializing at the same time), the firewall rules
will not get reapplied.
Firewall management will be moved to Calico under story 2005066,
at which point this code will be removed.
Change-Id: I43369dba34e685 9088af3794de25a 68571c7154c
Closes-Bug: 1815124
Signed-off-by: Don Penney <email address hidden>
commit cba2b66e9b27efc 077b89fb5e661b8 dffc890fd8
Author: Erich Cordoba <email address hidden>
Date: Thu Feb 21 11:21:28 2019 -0600
Move DNS requirement into kubernetes::master
This was causing a failure in computes unlock process where the
Platform::Dns class cannot be found.
Closes-bug: 1817126 a49b9672803fc05 216f204b222
Change-Id: I0a9e9b60580944
Signed-off-by: Erich Cordoba <email address hidden>
commit 4b35404d6a03c4b fe6ea12e176d862 4710a10b2c
Author: Don Penney <email address hidden>
Date: Thu Feb 21 11:33:30 2019 -0500
Ignore error on k8s taint removal from puppet
There are cases where the kubernetes taint is not present on,
or has already been removed from, a newly configured standby
controller. This causes the taint removal command run by the
puppet manifest to fail. This failure can be safely ignored,
so the command is updated by this commit to always return
success.
Change-Id: Icdb55738e052c6 5a28e44582e3450 38b0de83c37
Closes-Bug: 1815795
Signed-off-by: Don Penney <email address hidden>